Countering the Spread of Biometrics: three case studies from differing contexts illustrate the looming dangers of the untransparent and unregulated collection of biometric data in the name of combating terrorism.
This statement was originally published on privacyinternational.org on 28 May 2021.
KEY FINDINGS
- Biometric data collection and use in the name of countering terrorism has been accelerating around the globe, often abusively, without being effectively regulated or subject to accountability mechanisms
- Three case studies from differing contexts illustrate the looming dangers of the untransparent and unregulated collection of biometric data
- The whereabouts and current use of a US military biometric database that started in Afghanistan and Iraq by indiscriminately collecting biometric data of local populations remain unknown
- The Israeli state has been deploying biometrics, including cutting-edge facial recognition technology, in the name of counter-terrorism to routinely surveil and severely restrict Palestinians’ freedom of movement
- Biometric initiatives in Somalia by various international actors have had dubious benefits and detrimental effects on local populations
Since the September 11th attacks, decision makers across the globe have embraced overreaching surveillance technologies. The global “War on Terror” ushered in and normalized an array of invasive surveillance technologies. Collection and storage of biometrics data and the application of statistical methods to such data have been touted as uniquely suited to twenty-first century threats. Yet, biometrics technologies are not seamless, panoptic technologies that allow for perfect control. They can still pose significant risks to the right to privacy and other human rights.
Despite contested evidence of the efficacy of biometrics in preventing terrorism, biometric technology has become central to the geopolitical imagination and practices of contemporary security strategists worldwide. A range of governmental and intergovernmental bodies use biometrics to create watchlists, control movement across borders and access points, track and surveil people of interest, and perform forensic analysis. Governments and international organizations are building or promoting ever-more centralized, interoperable databases of biometric data including fingerprint, DNA, and facial images. In 2017, the UN Security Council’s Resolution 2396 decided that member states shall develop and implement systems to collect and share biometric data for the purposes of combating terrorism.
In recent years, biometric technologies have become more sophisticated, diversified, and widespread as their market share continues to grow. Fingerprinting remains the oldest and most popular form of biometric identification. Thanks largely to the mobile biometrics revolution, which saw touch identification emerge as a standard element on smartphones, fingerprint sensors are now a common bureaucratic and commercial feature. At the same time, tech companies have been rolling out and improving upon a range of other biometric techniques, including iris, retina, voice, and facial recognition, as well as bleeding-edge technologies like gait recognition. The accuracy of face recognition has increased dramatically in recent years. Despite courting significant controversy, facial recognition technologies are now attracting significant capital investment.
This rapid technological development has not been met by commensurate changes at the level of law or policy in counter-terrorism context specifically or more broadly. National regulatory and legal frameworks continue to lag behind and, where they do exist, they are rarely effectively enforced, unable to properly safeguard against the hazards and potential misuses of biometrics. Governments and international organizations have rushed towards centralized, interoperable systems to combat terrorism without adequate legal protections or measured consideration of the associated risks.
Key concerns regarding biometric data collection and centralized databases
Biometric technologies, including facial, fingerprint, and iris recognition technologies, bring new, automated processes of surveillance to bear on the body itself – transforming relatively fixed and unchangeable physical features into machine-readable identifiers. Particularly when deployed for hidden, ambient surveillance or coupled with large, centralized databases, biometrics can seriously undermine the human right to privacy and have an irreversible impact on individuals. Unlike a password, biometric information cannot be reset if stolen and, thus, is often considered a special category of personal data, demanding of additional protections.
Nevertheless, today fingerprints, facial images, and iris scans are frequently collected and stored insecurely. Centralized databases pose particularly acute risks, as they increase the potential for data breaches and open the door for generalized surveillance. Additionally, there is the looming and constant danger of function creep – the gradual widening of a technology beyond its original, intended purpose, just because the possibility exists. When power is concentrated in the hands of organizations and governments that lack democratic accountability, there is grave potential for biometrics to be misused
In addition, biometric technologies can exacerbate exclusion and reproduce racial, gender, class, and other inequalities. Cases from India show that iris recognition systems have difficulties capturing aging eyes, while fingerprint scanners struggle to read hands worn by manual labor. The US National Institute of Standards and Technology recently conducted a large-scale study of the most widely-used facial recognition algorithms, which revealed a tendency to misidentify Asian- and African-Americans far more often than Caucasians.
Three case studies illustrative of the looming dangers of biometric collection
In such a regulatory and legal void, the UN Security Council’s embrace and promotion of biometric technology is particularly worrisome. The War on Terror has already led to a widespread erosion of civil liberties, a tendency that biometric technologies risk only accelerating. Biometric data may be able to play an important role in supporting the investigation and prevention of acts of terrorism; however, examples of their collection and use on the ground raise serious concerns, especially when not effectively regulated or subject to any or few accountability mechanisms.
We have chosen three case studies from differing contexts to illustrate the looming dangers of the untransparent and unregulated collection of biometric data in the name of combating terrorism: the collection of biometric data by the US military in Afghanistan and Iraq; facial data collection of Palestinians by Israeli authorities; and the collection of biometric data by governments and inter-governmental agencies in Somalia. In researching these three case-studies, the authors faced challenges in accessing information, and the publicly available information raises more questions than answers.
These three case studies are based on desk research and interviews with relevant experts to provide an in-depth focus on the use of biometrics in the context of counter-terrorism in Afghanistan and Iraq, Israel/Palestine, and Somalia. These case studies lay bare the human rights implications of biometrics, which can easily lead to excessive surveillance, the contracting of civil rights and personal privacy, and the automation of racial and religious inequality.
Focusing on these three regions helps to expose the fault lines surrounding the use of biometrics for counterterrorism. In all three cases, we have observed how governing powers have used biometrics on individuals with few legal protections, under conditions where opportunities for dissent are limited if not entirely lacking. These case studies also reveal the links between counter-terrorism policies and global movement controls. In all three settings, biometrics implemented in the name of security serve to limit, if not curtail, the freedom of movement, reinforcing regional and global patterns of spatial inequality.
Biometrics and counter-terrorism: Case study of Iraq and Afghanistan
In Afghanistan and Iraq, the U.S. Department of Defense (DoD) developed its biometric program in confluence with US military operations. Its expansion was tightly linked to the goals of military commanders during the “War on Terror”: to distinguish insurgents and terrorists from the local civilian population. This research shows how the DoD’s biometric programme was developed and implemented without prior assessment of its human rights impact and without the safeguards necessary to prevent its abuse. Its whereabouts and current use today remain unclear. After testing biometric prototypes in Afghanistan in 2002 and in Iraqi detention centers in 2003, the Department eventually mandated that fingerprints, facial photographs, and DNA must be collected from all its detainees worldwide.
Biometrics and counter-terrorism: Case study of Israel/Palestine
In Israel/Palestine, the Israeli government has been deploying biometrics, including cutting-edge facial recognition technology, in the name of counter-terrorism. The Israeli state routinely surveils and severely restricts Palestinians’ freedom of movement using myriad technologies, including biometrics, which result in furthering the policies of systemic segregation. Since many Palestinians live under Israeli occupation, they have little control over the way their sensitive data is turned against them.
Biometrics and counter-terrorism: Case study of Somalia
In Somalia, international entities like the U.S. Department of Defense (DoD) and intergovernmental organizations such as the United Nations (UN) have used biometrics in the name of counterterrorism, collecting and indefinitely storing biometric data, frequently in the absence of full disclosure or appropriate regulation. These biometric initiatives have had dubious benefits and known detrimental effects on local populations. Nevertheless, most Somalis have little knowledge or say over how their sensitive biometric data is used or shared.